How To Never Have Another Password

Hello! Interested in password management?

The decision to begin using a password manager is too obvious to elaborate on here. If you are not using one, you should be! You should not be using the same password over and over again if you care about your privacy or protection at all. Hey, after you finish reading this article, you might not be using a password at all 😉

Life before password manager:

I don’t remember the combination of pins on the lock of my front door or my car, so why should I remember the keystroke combinations that log me into my online accounts?

Setting up the password manager can be tedious, but do it all at once or in bits at a time: once it’s set up, the maintenance is a breeze.

Have you run out of excuses yet?

Below you’ll see generous praise of the open-source program KeePass followed by a brief overview of the other options I have tried. Check it out.

KeePass

KeePass was the clear winner for me for a few reasons. First and foremost, I was in control of my own database and key. It’s not that I don’t trust these other companies with my stuff; there is just something that feels real and reasonable about knowing how and where my passwords are kept. That being said, it’s now on me to back up and safely store my files. Plus it’s open source, so there is an extensive wiki and I trust the community to keep security up-to-date and create awesome plug-ins.

So how does it work?

The first of two files we will look at is the database. This contains all of your username/password combinations. It can also include other banking information and any text you want to keep secure. The database is heavily encrypted; it is your password safe.

Next you will have a key. This will be either your Windows user login, a master password (aren’t we trying to get rid of these?) or a .key file. You can use one, a combination of, or all three. Here is how they work:

I don’t know how the Windows log-in works. I knew from the start I would want my passwords to be usable on multiple devices and without an internet connection. Although it might be possible, I did not bother with this option.

A master password will keep your database uncrackable, but remember to use excellent password protocol here as it will be your one password that you MUST remember. The longer the better, and throw in some special symbols. If you forget the master password you will NEVER be able to access your database again.

This is my personal favourite, the .key file. It is created by you and KeePass during the database creation. You can switch it out and create a new one at any time. It contains random information used in decryption.
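How the key components described above combine, as an added illustration (not KeePass source code and not part of the original post). The password and key-file hashing follows the KeePass 2.x composite-key scheme in simplified form; the PBKDF2 stretching step, the function names and the sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os


def composite_key(master_password=None, keyfile_bytes=None):
    """Combine whichever key components are in use into one 32-byte value."""
    parts = []
    if master_password is not None:
        # Password component: SHA-256 of the UTF-8 password.
        parts.append(hashlib.sha256(master_password.encode("utf-8")).digest())
    if keyfile_bytes is not None:
        # Simplification: hash the raw file contents. Real key files may also
        # be XML or hold the 32-byte key directly.
        parts.append(hashlib.sha256(keyfile_bytes).digest())
    if not parts:
        raise ValueError("at least one key component is required")
    # The Windows user account component is omitted from this sketch.
    return hashlib.sha256(b"".join(parts)).digest()


def database_key(composite, salt, rounds=100_000):
    """Stretch the composite key. PBKDF2 is a stand-in (assumption): KeePass
    itself uses AES-KDF or Argon2 at this step."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, rounds, dklen=32)


def unlocks(expected_key, salt, master_password=None, keyfile_bytes=None):
    """True only if the supplied components reproduce the database key."""
    candidate = database_key(composite_key(master_password, keyfile_bytes), salt)
    return hmac.compare_digest(candidate, expected_key)


if __name__ == "__main__":
    # Constructed sample values, not real secrets.
    keyfile = os.urandom(64)
    salt = os.urandom(32)
    password = "correct horse battery staple"
    key = database_key(composite_key(password, keyfile), salt)

    print("password + key file:", unlocks(key, salt, password, keyfile))
    print("password only      :", unlocks(key, salt, password))
    print("key file only      :", unlocks(key, salt, keyfile_bytes=keyfile))
    print("regenerated keyfile:", unlocks(key, salt, password, os.urandom(64)))
```

Only the first case unlocks: a database protected by several components needs every one of them, so a lost or regenerated key file locks the owner out just as a forgotten master password does.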

So here is how I use it. This is not going to be a tutorial on installation but instead a brief description of how I set up and use it.

PC

So far, I have decided to keep my database in all the cloud storage accounts I have. I also have 1 backed-up copy on a USB. This way, I can access my database from anywhere I have an internet connection, even if for some reason one service were compromised. I can access cloud storage on all my devices, and if I’m logging into an online site I have access to DropBox.

My .key file is stored on a USB which is kept on my key chain, with my keys. My online key is kept with my regular key; this is what makes the most sense to me. On the USB is also the portable KeePass program, which can be run from the USB without installation, and a dmg file of the program in case I find myself on a Mac.

The KeePass program has some fantastic keyboard shortcuts, making inputting my passwords super easy. With my cursor in a site’s login, I use Ctrl-Alt-A for KeePass’s auto-type feature, which unfortunately doesn’t work with every website, and then I am forced to use Ctrl-Alt-K instead. Not all websites are (username)(tab)(password)(enter), so for some you have to configure the correct keystrokes. There are also other keyboard shortcuts for accessing the correct login straight from a site’s log-in, or to navigate to a site’s log-in URL and begin auto-type straight from the program. Please comment your methods below!

Mac

To start: I am not a Mac user and I am not a fan of Mac. I installed KeePassX and the first thing I notice is the background/foreground colours I have carefully selected for each key. I’m a visual person so I noticed this, but it’s no big deal. The keyboard shortcuts aren’t there or I haven’t figured them out yet. The only problem I have here is related to the synchronization between programs (even though I’m opening the same file on DropBox) so I must manually synchronize from the Windows program to retrieve any entries I have created while on Mac. Otherwise I have been happily using this program.

Android

Using a key with microUSB support allows me to use the app KeePassDroid to log into any site while mobile. When an entry is selected, card notifications will appear for copying each of the username and the password. This is an easy solution for the sometimes not-so-easy-to-navigate smartphone. I’m happy with it.

Conclusion

Get a password manager! Why not make it KeePass? If you prefer a service with more automation and the ability to embed into your browser, read further for some other options.

Dashlane

Dashlane was actually beautiful to look at, very easy to use, and the web plugins worked like a treat. If you want ease over control and like good design and usability, give this option a chance! I don’t really know how you would take your passwords with you, but you can export your password to, say, a new phone or computer. There is also an amazing suite of features which allows you to see which of your passwords are out of date or compromised and, very impressively, allows you to change your passwords from the app, including in groups.

LastPass

After I toggled the country to Canada, it still said “zip code.” This is the first offense I encountered. It might be petty but dammit it matters to me. Later on, I was denied some part of the service (I didn’t remember which in my frustration) because I am a Canadian User. Well poopoo to you too LastPass, the “juggernaut” will fall the hardest.

1Password

I tried to install this on the Mac, which was an unpleasant experience. I couldn’t work it, so I moved on and installed the Windows desktop app. I add a few passwords. I double check it was successful on my Mac desktop app on another computer. Yes, that worked. I download the browser extension. It does not automatically prompt me to save passwords when I log into a website on Windows. It does on Mac. It doesn’t on my Android phone. When I open the browser extension with my cursor in the log-in area, nothing comes up, blank, even when I search for a specific entry that I know exists. This is on Windows PC. On my Android phone it says “no matches found” (while browsing through the 1Password browser). When I clicked on the original entry I was expecting to have it log me in. This has not aroused confidence. I’m sure if I stuck it out I would have become used to the interface, but I do not have patience. I actually emailed the company, who assured me they were working on bringing the Mac side of things up to the same functionality as Windows.